package org.openremote.container.security;

import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.util.HttpString;
import java.util.logging.Logger;
import org.openremote.container.security.keycloak.KeycloakIdentityProvider;
import org.openremote.model.Container;
import org.openremote.model.ContainerService;

/* loaded from: input_file:org/openremote/container/security/IdentityService.class */
public abstract class IdentityService implements ContainerService {
    public static final int PRIORITY = -2147483538;
    private static final Logger LOG = Logger.getLogger(IdentityService.class.getName());
    public static final String OR_IDENTITY_PROVIDER = "OR_IDENTITY_PROVIDER";
    public static final String OR_IDENTITY_PROVIDER_DEFAULT = "keycloak";
    protected IdentityProvider identityProvider;
    protected boolean devMode;

    public int getPriority() {
        return PRIORITY;
    }

    public void init(Container container) throws Exception {
        this.devMode = container.isDevMode();
        this.identityProvider = createIdentityProvider(container);
        this.identityProvider.init(container);
    }

    public void start(Container container) throws Exception {
        this.identityProvider.start(container);
    }

    public void stop(Container container) throws Exception {
        this.identityProvider.stop(container);
    }

    public void secureDeployment(DeploymentInfo deploymentInfo) {
        LOG.info("Securing web deployment: " + deploymentInfo.getContextPath());
        deploymentInfo.addInitialHandlerChainWrapper(AuthOverloadHandler::new);
        deploymentInfo.setSecurityDisabled(false);
        this.identityProvider.secureDeployment(deploymentInfo);
        if (this.devMode) {
            deploymentInfo.addOuterHandlerChainWrapper(new HandlerWrapper() { // from class: org.openremote.container.security.IdentityService.1
                public HttpHandler wrap(final HttpHandler httpHandler) {
                    return new HttpHandler() { // from class: org.openremote.container.security.IdentityService.1.1
                        public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
                            if (httpServerExchange.isInIoThread()) {
                                httpServerExchange.dispatch(this);
                                return;
                            }
                            httpServerExchange.getResponseHeaders().add(HttpString.tryFromString("Access-Control-Allow-Origin"), httpServerExchange.getRequestHeaders().getFirst("Origin"));
                            httpServerExchange.getResponseHeaders().add(HttpString.tryFromString("Access-Control-Allow-Credentials"), "true");
                            httpHandler.handleRequest(httpServerExchange);
                        }
                    };
                }
            });
        }
    }

    public boolean isKeycloakEnabled() {
        return this.identityProvider instanceof KeycloakIdentityProvider;
    }

    public abstract IdentityProvider createIdentityProvider(Container container);
}
